From: Kazunori MIYAZAWA <[EMAIL PROTECTED]> Date: Mon, 04 Dec 2006 13:26:29 +0900
> If uninitialized ut->family is AF_INET or AF_INET6 by chance > and the family of outer addresses (ut->saddr) is differnt > ut->family, it results some garbage in the kernel as you know. > > I think it does not results any oops or a segmentation fault > because xfrm_address always has enough length (16 bytes) to wrong > access. > > From the point of view of security, the policy has garbege > templates, but the selector is valid and it mangates applying > IPsec. So it result blocking the traffic. > Accordingly, I think it falls down to secure side. Yes, I am beginning to think it is safe too. - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
